IP spoofing is a technique where a host sends out packets which claim
to be from another host. Since packet filtering makes decisions based
on this source address, IP spoofing is used to fool packet filters. It
is also used to hide the identity of attackers using SYN attacks, Teardrop,
Ping of Death and the like (don't worry if you don't know what they are).

The best way to protect from IP spoofing is called Source Address Verification,
and it is done by the routing code, and not firewalling at all. Look
for a file called rp_filter by doing this:

ls
-l /proc/sys/net/ipv4/conf/all/rp_filter [Enter]

If this exists, then turning on Source Address Verification at every
boot is the right solution for you. To do that, insert the following
lines in your init script (for Redhat based distributions
use /etc/rc.d/rc.sysinit script): immediately
after /proc is mounted:

# This is the best method: turn on Source Address Verification and
get# spoof protection on all current and future interfaces. if [ -e /proc/sys/net/ipv4/conf/all/rp_filter
]; then echo -n "Setting
up IP spoofing protection..." for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do
echo 1 > $f done echo "done." else echo PROBLEMS
SETTING UP IP SPOOFING PROTECTION. BE WORRIED. echo "CONTROL-D
will exit from this shell and continue system startup." echo # Start a single
user shell on the console /sbin/sulogin
$CONSOLE fi

If you cannot do this, you can manually insert rules to protect every
interface. This requires knowledge of each interface. The 2.1
kernels automatically reject packets claiming to come from the 127.* addresses
(reserved for the local loopback interface, lo).